[linux-security] insecure tmpfile creation in scrollkeeper
- To: linux-security
- Subject: [linux-security] insecure tmpfile creation in scrollkeeper
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 11 Sep 2002 18:41:36 -0700
- User-Agent: Mutt/1.4i
Topic
=====
scrollkeeper creates tmpfiles insecurely
Problem Description
===================
ScrollKeeper is a cataloging system for documentation. All versions of
ScrollKeeper between 0.3 and 0.3.11 have a tempfile vulnerability.
The scrollkeeper-get-cl command generates temporary files in the /tmp
directory. These files are named scrollkeeper-tempfile.[0-4], and while
creating these files scrollkeeper-get-cl follows symbolic links. These
files are created when a user logs in to a GNOME session and are created as
the user who logged in. This means an attacker with local access can easily
create and overwrite files as another user.
Affected Systems
================
scrollkeeper versions between 0.3 and 0.3.11 (both included)
Solution
========
Upgrade to a patched version for your distribution.
Red Hat 7.3
----------
rpm -Fvh scrollkeeper-0.3.4-5.i386.rpm
Debian 3.0 (woody)
------------------
Upgrade to scrollkeeper_0.3.6-3.1_i386.deb,
libscrollkeeper0_0.3.6-3.1_i386.deb,
libscrollkeeper-dev_0.3.6-3.1_i386.deb
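
The Problem Description above, as an added C example (not taken from the advisory or from the ScrollKeeper source or its patch): opening a fixed temporary-file name in a way that follows symbolic links, beside an exclusive create that refuses a name that already exists. The function names, the scratch directory and the file contents are constructed for illustration; only the name scrollkeeper-tempfile.0 comes from the advisory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: fixed name, open() follows symlinks. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if the name exists, symlinks included. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Runs inside a private scratch directory (constructed), not in /tmp itself.
 * Returns the size of the pre-existing file after the open attempt:
 * 0 means it was truncated, 10 means it was left intact. */
long demo(int use_safe) {
    char dir[] = "/tmp/sk-demo-XXXXXX";
    char target[256], name[256];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important-file", dir);
    snprintf(name, sizeof name, "%s/scrollkeeper-tempfile.0", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("user data\n", f); fclose(f);          /* 10 bytes of sample data */
    if (symlink(target, name) != 0) return -1;   /* name exists before open */
    errno = 0;
    int fd = use_safe ? open_exclusive(name) : open_predictable(name);
    int err = errno;
    if (fd >= 0) close(fd);
    long sz = stat(target, &st) == 0 ? (long)st.st_size : -1;
    if (use_safe && !(fd < 0 && err == EEXIST)) sz = -2; /* must be refused */
    unlink(name); unlink(target); rmdir(dir);
    return sz;
}

int main(void) {
    printf("predictable open: target size %ld\n", demo(0));
    printf("exclusive open:   target size %ld\n", demo(1));
    return 0;
}
```

mkstemp(3) combines the same exclusive-create behaviour with an unpredictable name and is the usual library routine for this.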